View Javadoc
1 package org.apache.turbine.modules.actions.sessionvalidator; 2 3 /* ==================================================================== 4 * The Apache Software License, Version 1.1 5 * 6 * Copyright (c) 2001 The Apache Software Foundation. All rights 7 * reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in 18 * the documentation and/or other materials provided with the 19 * distribution. 20 * 21 * 3. The end-user documentation included with the redistribution, 22 * if any, must include the following acknowledgment: 23 * "This product includes software developed by the 24 * Apache Software Foundation (http://www.apache.org/)." 25 * Alternately, this acknowledgment may appear in the software itself, 26 * if and wherever such third-party acknowledgments normally appear. 27 * 28 * 4. The names "Apache" and "Apache Software Foundation" and 29 * "Apache Turbine" must not be used to endorse or promote products 30 * derived from this software without prior written permission. For 31 * written permission, please contact apache@apache.org. 32 * 33 * 5. Products derived from this software may not be called "Apache", 34 * "Apache Turbine", nor may "Apache" appear in their name, without 35 * prior written permission of the Apache Software Foundation. 36 * 37 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED 38 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 39 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 40 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR 41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 43 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 44 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 45 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 46 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 47 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 48 * SUCH DAMAGE. 49 * ==================================================================== 50 * 51 * This software consists of voluntary contributions made by many 52 * individuals on behalf of the Apache Software Foundation. For more 53 * information on the Apache Software Foundation, please see 54 * <http://www.apache.org/>;. 55 */ 56 57 // Turbine Classes 58 import org.apache.turbine.TurbineConstants; 59 import org.apache.turbine.util.RunData; 60 import org.apache.turbine.services.resources.TurbineResources; 61 import org.apache.turbine.services.security.TurbineSecurity; 62 63 /*** 64 * SessionValidator for use with the Template Service, the 65 * TemplateSessionValidator is virtually identical to the 66 * TemplateSecureValidator except that it does not tranfer to the 67 * login page when it detects a null user (or a user not logged in). 68 * 69 * <p>The Template Service requires a different Session Validator 70 * because of the way it handles screens. 71 * 72 * @see TemplateSecureSessionValidator 73 * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a> 74 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a> 75 * @version $Id: TemplateSessionValidator.java,v 1.4 2002/03/29 15:57:04 dobbs Exp $ 76 */ 77 public class TemplateSessionValidator extends SessionValidator 78 { 79 /*** 80 * Execute the action. 81 * 82 * @param data Turbine information. 83 * @exception Exception, a generic exception. 84 */ 85 public void doPerform( RunData data ) throws Exception 86 { 87 /* 88 * Pull user from session. 89 */ 90 data.populate(); 91 92 // The user may have not logged in, so create a "guest" user. 93 if ( data.getUser() == null ) 94 { 95 data.setUser(TurbineSecurity.getAnonymousUser()); 96 data.save(); 97 } 98 99 // make sure we have some way to return a response 100 if ( !data.hasScreen() && 101 data.getTemplateInfo().getScreenTemplate() == null ) 102 { 103 String template = TurbineResources.getString( 104 TurbineConstants.TEMPLATE_HOMEPAGE); 105 106 if (template != null) 107 { 108 data.getTemplateInfo().setScreenTemplate(template); 109 } 110 else 111 { 112 data.setScreen(TurbineResources.getString( 113 TurbineConstants.SCREEN_HOMEPAGE)); 114 } 115 } 116 // the session_access_counter can be placed as a hidden field in 117 // forms. This can be used to prevent a user from using the 118 // browsers back button and submitting stale data. 119 else if ( data.getParameters().containsKey("_session_access_counter") ) 120 { 121 // See comments in screens.error.InvalidState. 122 if ( data.getParameters().getInt("_session_access_counter") < 123 (((Integer)data.getUser().getTemp("_session_access_counter")) 124 .intValue()-1) ) 125 { 126 if (data.getTemplateInfo().getScreenTemplate() != null) 127 { 128 data.getUser().setTemp( "prev_template", 129 data.getTemplateInfo().getScreenTemplate() 130 .replace('/', ',') ); 131 data.getTemplateInfo().setScreenTemplate( 132 TurbineResources.getString( 133 TurbineConstants.TEMPLATE_INVALID_STATE) ); 134 } 135 else 136 { 137 data.getUser().setTemp( "prev_screen", 138 data.getScreen().replace('/', ',') ); 139 data.setScreen( TurbineResources.getString( 140 TurbineConstants.SCREEN_INVALID_STATE) ); 141 } 142 data.getUser().setTemp("prev_parameters", data.getParameters()); 143 data.setAction( "" ); 144 } 145 } 146 147 // we do not want to allow both a screen and template parameter. 148 // The template parameter is dominant. 149 if ( data.getTemplateInfo().getScreenTemplate() != null ) 150 { 151 data.setScreen(null); 152 } 153 } 154 }

This page was automatically generated by Maven